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REMARKS 

Claims 1, 6, 7, 10, 11, 14, 17 and 20 were pending. Claims 2-5, 
8, 9, 12, 13, 15 t 16, 18 and 19 were previously canceled, without 
prejudice or disclaimer. By this Amendment, new dependent claims 
21 and 22 have been added. New dependent: claims 21 and 2 2 
clarify the claimed invention of claim 1, without narrowing the 
scope of the claimed invention and without introducing new 
issues. Accordingly, claims 1, 6, 7, 10, 11, 14, 17 and 20-22 
are now pending, with claims 1, 6, 7, 14. 17 and 20 in 
independent form . 

Applicant maintains that no new matter is introduced by this 
Amendment. Support for the claim amendments may be found in the 
application at, for example, page 5, lines 2-7, page 6, lines 8- 
11, and page 8, lines 13-17. Accordingly, Applicant respectfully 
requests that this Amendment be entered. 

Rejection Under 35 U.S.C. §103 (a) 

On page 3 of the January 25, 2005 final Office Action, claims 1, 
6, 7, 10, 11, 15, 17 and 20 were rejected und€=r 35 U.S.C. §103 (a) 
as allegedly unpatentable over U.S. Patent No. 6,3 3 9,423 to 
Sampson et al . in view of U.S. Patent No, 6,032,260 to Sasmazel 
et al. 

In reference to claims 1, 7, 14, 17 and 20, the Office Action 
states that Sampson discloses an access authentication system for 
providing a client with a service of connection to a terminal 
server. The Office Action further states that the system 
includes a first authentication server for determining whether or 
not the client should be connected to the first terminal server, 
on the basis of personal information input by the client to the 
first terminal server. The Office Action also states that the 
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first authentication server creating first ticket data by 
encoding a client parameter, which includes part of the personal 
information, on the basis of a predetermined formula. The Office 
Action further states that the access control 240 performs the 
function of the authentication server by determining if the 
browser is authenticated. The Office Action states that the 
access control also Bends the browser a cooki« that is encrypted 
therefore encoded personal information using a predetermined 
formula. The Office Action also states that Sampson creates a 
second cookie by encoding the client parameter on the basis of a 
predetermined formula when the browser tries to connect to a new 
domain. 

The Office Action acknowledges that Sampson does not expressly 
disclose transferring the ticket to the web server, checking 
whether the ticket is used, and supplying the web server with 
information indicative of whether the second terminal server 
should be connected to the client. The Office Action further 
acknowledges that Sampson discloses a cookie (ticket) with user 
data, Sampson does not expressly disclose the data in the cookie 
encoded using a summarization using a one-way function. 

The Office Action states that Sasmazel discloses a system of 
transferring the eticket from server to server. The Office 
Action further states that the information in the eticket of 
Sasmazel is hashed (summarization using a one-way function) and 
encrypted (one-way function) . The Office Action also states that 
the eticket of Sasmazel is transferred to the second terminal 
server by the first sending it to the browser and then the 
browser sends the ticket to the web server 220 or 240. 

The Office Action states that the second authorization server 
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(360) , which performs Che function of che second authentication 
server of detecting whether or not client parameter is valid and 
whether or not the first ticket data has been used. The Office 
Action further states that Sasmazel checks whether the user is in 
session, which is a method of checking whether che eticket has 
been used. The Office Action states that the web server is then 
supplied data indicative of whether or not the second terminal 
server should be connected to the client. The Office Action also 
states that Sasmazel stores in a file information for 
authenticating the user and therefore first ticket data. The 
Office Action further states that comparing the first and second 
ticket data includes checking the validity of the ticket. 

The Office Action states that the system of Sasmazel discloses 
the client parameter includes at least one of ID information of 
the client, and access-originator IP address and an expiration 
date set for the first ticket data. The Office Action further 
states that Che system of Sasmazel suggests the common character 
string is changed at a predetermined point in time. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to transfer the ticket information to the web server, 
check whether the ticket is used and supply the web server with 
information indicative of whether the second terminal server 
should be connected to the client as in the system of Sasmazel in 
the system of Sampson. The Office Action further alleges that 
one of ordinary skill in the art would have been motivated to do 
this because the ticket may be securely passed from server to 
server without the user having to re-authent icate . 

In reference to claim 6, which is rejected as the rejection for 
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claim one. The Office Action further scares that in addition, 
Sampson discloses a system wherein the user may enter logon 
information. The Office Action also states that logon 
information includes an ID and a password entered by the client. 
The Office Action further states that the ticket disclosed by 
Sasmazel that is transported from server to server includes an 
expiration date; and a common character string in the form of a 
public signature. The Office Action states that since the ticket 
includes ID information and the system checks whether as user is 
in session. The Office Action also states that the system of 
Sasmazel therefore compares the access -originator IP address 
provided in the ticket which is sent to the second terminal 
server this would result in determining whether or not access by 
the client has been executed on or before th« expiration date. 

In reference to claim 10, wherein the second authentication means 
judges validity of the first ticket data, the Office Action 
acknowledges that Sampson does not expressly disclose the second 
authentication mean© judges validity of the first ticket data. 

The Office Action states that Sasmazel stores in a file 
information for authenticating the user arid therefore first 
ticket data. The Office Action further states that comparing the 
first and second ticket data includes checking the validity of 
the ticket. The Office Action also states thcit this suggests the 
second authentication means judges the validity of the first 
ticket data. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to judge Che validity of the first ticket data as shown 
in Sasmazel in the system of Sampson. The Office Action further 
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alleges chat one of ordinary skill in the art would have been 
motivated to this because checking the validity of the ticket 
would expose any attempt to carry out fraud. 

In reference to claim 11, wherein the second authentication means 
judges legality of the client parameter, the Office Action states 
Chat since the validity of the ticket is checked it follows that 
the legality of the client parameter is check. 

Applicant maintains that the cited references do not render the 
claimed invention unpatentable. The claimed invention is 
patentable over the cited art for at least the following reasons. 

The present application relates to access authentication when 
service is provided to connect a client to a second terminal 
server via a first terminal server. In many instances, the client 
will want to obtain the benefit of services from plural terminal 
servers, since generally no single server can provide all of the 
services that the client would want. However, the client is 
typically contracted with the first terminal server for receiving 
services from the first terminal server, but is not contracted 
with the second terminal server (or additional terminal servers) . 
In addition, the client may not wish to connect directly to the 
second terminal server for other reasons (such as convenience) . 
For example, in order to connect directly to a terminal server, 
the client typically is required to supply personal information, 
such as ID information and password, to the terminal server. 
Therefore, if the client seeks the services of plural terminal 
servers, it is very inconvenient for the client to connect 
directly to the plural terminal servers, each of which would 
require the client Co enter the personal information. 
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Applicant devised improved techniques which enable a client to 
obtain services from plural terminal servers, without having to 
enter personal information plural times for the respective plural 
terminal servers. The claimed invention of the present 

application provides for authentication by transferring client 
parameter and first ticket data created by a first authentication 
server (associated with the first terminal server) to a second 
authentication server (associated with th«! second terminal 
server) - The first authorization server t2*ansfers the first 
ticket data and the client parameter directly to the second 
authorization server without going through the client. Based on 
the first ticket data and the client parameter, the second 
authentication server determines whether or not the second 
terminal server is should be connected to the client. Thus, 
assuming the first ticket data and the client parameter are 
authenticated by the second authentication server, the client can 
be connected to, and obtain the services of, the second terminal 
server via the first terminal server - 

Sampson and Sasmazel do not disclose or suggest the claimed 
invention because neither references disclose or suggest 
connecting the client to the second terminal sserver via the first 
terminal server. 

Sampson, as understood by Applicant, is directed to a multi- 
domain access control scheme. In the access i3cheme of Sampson, a 
first server transmits a data token to client which seeks to 
obtain access to a resource in a second domain. The client uses 
the data token to connect to a second server in the second 
domain. The second server uses the data token to check that the 
client is authentic and should be given access to resources in 
the second domain. After issuing the data token, the first 
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server ie not involved in the connection by the client to the 
second domain. 

Moreover, Sampson does not disclose or suggest that the first 
server transfers first ticket data and client parameter to the 
second server, as provided by the claimed invention of this 
application . 

Sasmazel, as understood by Applicant, is directed to an eticket 
architecture for issuing authenticated electronic tickets in a 
distributed computing system and updating user authentication 
and/or authorization. As pointed out in the Office Action, when 
the eticket is created or updated in the Sasmazel eticket 
architecture by a first authentication server, the eticket is 
transferred by the first authentication server to the client 
browser, and the client browser then must send the ticket to a 
second authentication server in order to obtain the services of 
the associated second terminal server . 

Applicant does not find teaching or suggestion in Sasmazel or 
Sampson of an access authentication system or method wherein the 
client is connected to the second terminal server via the first 
terminal server. Both Sasmazel and Sampson relies on the client 
to connect to the second terminal server aft ex* obtaining the data 
token or eticket from the first server. 

Therefore, Sampson and Sasmazel, considered singly or in 
combination, fail to teach or render obvious all features of the 
claimed invention. 

Accordingly, Applicant respectfully request*? chat the Examiner 
reconsider and withdraw the rejection under 35 U-S.C. S103(a). 
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In view of the claim amendments and remarks hereinabove, 
Applicant maintains that the application is now in condition for 
allowance . 

If a telephone interview would be of assistance in advancing 
prosecution of the subject application, Applicant's undersigned 
attorneys invite the Examiner to telephone them at the telephone 
number provided below. 

If a petition for an extension of time is required to make this 
response timely, this paper should be considered to be such a 
petition, and the Commissioner is authorized to charge the 
requisite fees to our Deposit Account No. 03-3125. 

No fee is deemed necessary in connection with the filing of this 
Amendment. However, if any additional fee is required, 
authorization is hereby given to charge the amount of any such 
fee to Deposit Account No. 03-3125. 

Re spe c t fully submi 1 1 ed , 



I hereby certify chat this correspondence iall 
being c ran emit ted by facsimile transmission! 
and is being deposited this date with the 
U.S. Postal Service with sufficient postage 
as first claaa mail in an envelope addressed 
to* Mail Stop AP, Commiccioner for Patents, 
P.O. Box X4S0, Alexandria, va 23313-1450. 
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Reg . No . 
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Paul Teng, 
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Attorneys for Applicant 
Cooper 6c Dunham, LLP 
1185 Avenue of the Americas 
New York, New York 1003 6 
(212) 278-0400 
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